
A Malicious Domain Detection Approach Based on Character and Resolution Features
Cited by: 6
Abstract: Malicious domains are widely used in network attacks such as remote-control trojans and phishing fraud, and existing methods cannot detect them with both high efficiency and high accuracy. Starting from the differences between malicious and normal domains in character composition, generation method and resolution process, the paper designs character statistical features, similarity features and resolution features for domain names, combines them with machine learning algorithms into a detection approach based on character and resolution features, and implements an automated feature extraction tool. Evaluation on a large number of malicious domains supplied by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) confirms that these features discriminate between normal and malicious domains, raising detection accuracy while reducing feature extraction overhead. The paper concludes that multi-dimensional features combined with machine learning algorithms can be used to detect malicious domains and so help protect the network.
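As an added illustration of the three feature families the abstract names (character statistics, similarity, resolution), and not code from the paper: the concrete features, thresholds, benign corpus, brand list, sample domains and resolver records below are this example's own assumptions, because the page does not give the authors' feature set, data or classifier. A simple count of fired rules stands in for their trained model.

```python
"""Character, similarity and resolution features for domain names.

Added illustration, not the paper's code. The page names only the three
feature families; every concrete feature and threshold here is an assumption.
"""
import math
from collections import Counter
from typing import Dict, List

# Constructed benign corpus for the similarity feature (a tiny stand-in for a
# whitelist such as a top-sites list); lower-case letters only.
BENIGN_CORPUS = ["google", "wikipedia", "microsoft", "github", "example",
                 "amazon", "cloudflare", "stackoverflow"]
# Constructed brand list for the "embedded brand" similarity check.
BRANDS = ["paypal", "google", "microsoft"]
# Abbreviated suffix list; a real tool would use the Public Suffix List.
SUFFIXES = (".co.uk", ".com", ".net", ".org", ".info", ".cn", ".ru")
VOWELS = set("aeiou")


def registered_label(domain: str) -> str:
    """'www.example.co.uk' -> 'example': strip the suffix, keep the last label."""
    d = domain.lower().rstrip(".")
    for s in SUFFIXES:
        if d.endswith(s):
            d = d[: -len(s)]
            break
    return d.rsplit(".", 1)[-1]


def shannon_entropy(s: str) -> float:
    """Bits per character; high for uniformly mixed DGA-style labels."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def _bigrams(s: str) -> List[str]:
    return [s[i:i + 2] for i in range(len(s) - 1)]


BENIGN_BIGRAMS = {bg for w in BENIGN_CORPUS for bg in _bigrams(w)}


def character_features(domain: str) -> Dict[str, float]:
    """Character statistics plus two similarity features of the registered label."""
    label = registered_label(domain)
    if not label:
        raise ValueError("empty registered label")
    run = longest = 0
    for ch in label:  # longest run of consonants, a common pronounceability proxy
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        longest = max(longest, run)
    bgs = _bigrams(label)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / len(label),
        "vowel_ratio": sum(ch in VOWELS for ch in label) / len(label),
        "longest_consonant_run": longest,
        # similarity features: overlap with benign bigrams; a brand name embedded
        # in a longer label (combosquatting) rather than used on its own
        "bigram_similarity": sum(bg in BENIGN_BIGRAMS for bg in bgs) / len(bgs) if bgs else 0.0,
        "embedded_brand": float(any(b in label and b != label for b in BRANDS)),
    }


def resolution_features(record: Dict) -> Dict[str, float]:
    """Derived from a resolver result; here the record is constructed (no network I/O)."""
    return {
        "ttl": record["ttl"],
        "ip_count": len(record["a"]),
        "asn_count": len(set(record["asn"])),
    }


def suspicion_score(domain: str, record: Dict) -> int:
    """Number of rules that fire. The hand-set thresholds are assumptions that
    stand in for the trained classifier; they are not the paper's values."""
    f = {**character_features(domain), **resolution_features(record)}
    rules = [
        f["entropy"] > 3.0,
        f["digit_ratio"] > 0.2,
        f["vowel_ratio"] < 0.2,
        f["bigram_similarity"] < 0.5,
        f["embedded_brand"] == 1.0,
        f["ttl"] < 120,
        f["asn_count"] > 2,
    ]
    return sum(rules)


def is_malicious(domain: str, record: Dict, threshold: int = 3) -> bool:
    return suspicion_score(domain, record) >= threshold


# Constructed sample records using documentation IP and ASN ranges, not real lookups.
SAMPLES = {
    "www.google.com": {"ttl": 300, "a": ["192.0.2.1"], "asn": ["AS64496"]},
    "xk4q9z7vb2n.info": {"ttl": 60, "a": ["192.0.2.7", "198.51.100.9", "203.0.113.44"],
                         "asn": ["AS64496", "AS64497", "AS64498"]},
    "paypal-secure-login.com": {"ttl": 3600, "a": ["198.51.100.10"], "asn": ["AS64499"]},
}

if __name__ == "__main__":
    for dom, rec in SAMPLES.items():
        print(f"{dom:28s} score={suspicion_score(dom, rec)} malicious={is_malicious(dom, rec)}")
```

Two caveats a practitioner would want: raw Shannon entropy grows with label length (the constructed phishing domain above crosses the entropy rule purely through length), which is one reason a model trained on the whole feature vector beats fixed per-feature thresholds; and the resolution features only mean something when they come from real resolver or passive-DNS data, which the constructed records here merely imitate.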
Source: Computer Simulation (《计算机仿真》, a Peking University Core Journal), 2018, No. 3, pp. 287-292 (6 pages)
Funding: National Natural Science Foundation of China (grants 61373168, 61202387, U1636107)
Keywords: Malicious domain; Remote-control trojan; Machine learning; Feature extraction